Answer-first summary for fast verification
Answer: Assign the compute.imageUser role in the image creation Project to enable users to create instances from these images.
The correct approach is to assign the compute.imageUser role to users in the Project where the images are created, ensuring adherence to the principle of least privilege. Granting the compute.instanceAdmin role (options A and C) is overly permissive. Assigning roles in the users' Projects (options D) does not align with the best practice of managing permissions in the image creation Project. Reference: [Google Cloud Compute Images Best Practices](https://cloud.google.com/compute/docs/images/image-management-best-practices).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your company manages multiple Google Projects, including one dedicated to automated Compute and Docker Image creation within your CI/CD pipeline. Developers, staging, and production teams need access to these images for deployments. Adhering to the principle of least privilege, which IAM role should you assign to these users?
A
Grant users the compute.instanceAdmin role in their respective Projects to allow instance creation from these images.
B
Assign the compute.imageUser role in the image creation Project to enable users to create instances from these images.
C
Provide users with the compute.instanceAdmin role in the image creation Project for creating instances from these images.
D
Enable users to create instances from these images by granting them the compute.imageUser role in their different Projects.
No comments yet.